procmail
[Top] [All Lists]

Multiple Matches on one Line and the use of $

2004-02-29 12:15:13
I sent this note a couple of days ago, but for some reason it did not post so 
I'll
try again.

I am doing some experimenting with regex expressions and matches and am having 
some
difficulty getting two matches on one line.  I have some questions that pertain 
to
the following rule set.


 :0 B
  * ^Content-Type:.*
  * 
$name=\".*\.(hta|com|pif|vbs|vbe|js|jse|exe|bat|cmd|vxd|scr|shm|dll|zip|SCR)\"
  {
    :0 fhwi
     | formail -A"X-SMILE_Execute: Executable Code found and dumped"

     :0:
     /tmp/e.file.txt
  }

The above works very well except that it filters *.com files that are web 
addresses
that have multiple line entries in the form of:

Content-Type: text/plain; charset=us-ascii
"www.amazon.com"

Adding the quotes to the match stopped most of the errant matches but there are 
still
some that are filtered wrong.

Because of this I would like to match only one line so that the above message 
would
be bypassed.  For instance I would like to match:

Content-Type: audio/x-wav; name="hdaqnll.exe"

With  a statement like the following:

  *
^Content-Type:.*$name=\".*\.(hta|com|pif|vbs|vbe|js|jse|exe|bat|cmd|vxd|scr|shm|dll|z
ip|SCR)\"

I have also tried moving the "$" to the end of the line as the below without 
success:

  *
^Content-Type:.*name=\".*\.(hta|com|pif|vbs|vbe|js|jse|exe|bat|cmd|vxd|scr|shm|dll|zi
p|SCR)\"$

Would some of you comment on the use of "$" being used to denote matching from 
the
end of line and how it is supposed to be used"

Thanks,

Greg Ennis






_______________________________________________
procmail mailing list
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail